{"id":5589,"date":"2014-05-22T17:49:43","date_gmt":"2014-05-22T21:49:43","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=5589"},"modified":"2014-05-22T17:49:43","modified_gmt":"2014-05-22T21:49:43","slug":"zero-day-initiative-issues-advisory-about-an-unpatched-security-vulnerability-in-ie8","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/22\/zero-day-initiative-issues-advisory-about-an-unpatched-security-vulnerability-in-ie8\/","title":{"rendered":"Zero Day Initiative issues advisory about an unpatched security vulnerability in IE8"},"content":{"rendered":"

<\/a><\/p>\n

Microsoft hasn’t fixed a critical IE8 security flaw that was reported to the company back in October 2013, according to an advisory published yesterday by HP\u2019s Zero Day Initiative (ZDI). The bug was discovered by Belgian researcher Peter Van Eeckhoutte.<\/p>\n

According to the report, the bug allows an attacker to execute malicious code on computers running IE8 when users visit a website designed to exploit it. This could be done by sending the victim an email or instant message that, if clicked, would lead to the attack.<\/p>\n

“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user”, the report said.<\/p>\n

ZDI is a program that rewards computer security researchers for identifying software bugs. Information on a security flaw is kept secret for a period of six months so a software vendor can patch it. ZDI said it had told the software giant on May 8 that it intended to publish details of the flaw.<\/p>\n

Although the reason behind Microsoft’s decision to leave the flaw unpatched remains unclear, the Redmond-based company said it is yet to see an active exploit of the zero-day flaw.<\/p>\n

Microsoft recommended that people using the affected browser set Internet security zone settings to “high” to block ActiveX Controls and Active Scripting, and install its Enhanced Mitigation Experience Toolkit (EMET).<\/p>\n

The disclosure comes on the heels of a major zero-day exploit that affected IE 6 through 11. The bug forced Microsoft to release an emergency patch a few days later.<\/p>\n

via Zero Day Initiative issues advisory about an unpatched security vulnerability in IE8 – TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Microsoft hasn’t fixed a critical IE8 security flaw that was reported to the company back in October 2013, according to […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,11],"tags":[341,539],"class_list":["post-5589","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-windows","tag-exploit","tag-internet-explorer-8"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1s9","jetpack-related-posts":[{"id":8278,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/05\/13\/venom-vulnerability-more-dangerous-than-heartbleed-targets-most-virtual-machines\/","url_meta":{"origin":5589,"position":0},"title":"Venom vulnerability more dangerous than Heartbleed, targets most virtual machines","author":"NCCT","date":"May 13, 2015","format":false,"excerpt":"Researchers have uncovered a new bug that\u2019s much more dangerous than last year\u2019s Heartbleed vulnerability. Venom, short for Virtualized Environment Neglected Operations Manipulation, could allow an attacker to infiltrate a datacenter and take over its entire network. As ZDNet notes, most datacenters use virtual machines to segregate customers, allowing the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.techspot.com\/images2\/news\/bigimage\/2015-05-13-image-3.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":8135,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/27\/just-released-wordpress-0day-makes-it-easy-to-hijack-millions-of-websites-updated\/","url_meta":{"origin":5589,"position":1},"title":"Just-released WordPress 0day makes it easy to hijack millions of websites [Updated]","author":"NCCT","date":"April 27, 2015","format":false,"excerpt":"Our blog was not affected...NCCT Update: About two hours after this post went live, WordPress released a critical security update that fixes the 0day vulnerability described below. The WordPress content management system used by millions of websites is vulnerable to two newly discovered threats that allow attackers to take full\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/OCqQZJZ1Ie4\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":8767,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/security-vulnerabilities-found-in-support-software-from-lenovo-toshiba-and-dell\/","url_meta":{"origin":5589,"position":2},"title":"Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Lucian Constantin | PCWorld The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8907,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/04\/huge-number-of-sites-imperiled-by-critical-image-processing-vulnerability-updated\/","url_meta":{"origin":5589,"position":3},"title":"Huge number of sites imperiled by critical image-processing vulnerability [Updated]","author":"NCCT","date":"May 4, 2016","format":false,"excerpt":"By Dan Goodin | Ars Technica Attack code exploiting critical ImageMagick vulnerability expected within hours. A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8004,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/10\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/","url_meta":{"origin":5589,"position":4},"title":"Latest version of OS X closes Backdoor-like bug that gives attackers root","author":"NCCT","date":"April 10, 2015","format":false,"excerpt":"For at least four years, a bug in Apple's OS X gave untrusted users\u2014and possibly remote hackers with only limited control of their target\u2014unfettered \"root\" privileges over Macs. The vulnerability is being called a \"hidden backdoor\" by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=525%2C300 1.5x"},"classes":[]},{"id":6833,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/11\/12\/ios-security-hole-allows-attackers-to-poison-already-installed-iphone-apps\/","url_meta":{"origin":5589,"position":5},"title":"iOS security hole allows attackers to poison already installed iPhone apps","author":"NCCT","date":"November 12, 2014","format":false,"excerpt":"Security researchers have warned of a security hole in Apple's iOS devices that could allow attackers to replace legitimate apps with booby-trapped ones, an exploit that could expose passwords, e-mails, or other sensitive user data. The \"Masque\" attack, as described by researchers from security firm FireEye, relies on enterprise provisioning\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=5589"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/5589\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=5589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=5589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=5589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}